This Privacy Policy describes how InVisionApp Inc. and its affiliates (collectively, the ‘InVision’ or ‘we’ or ‘us’ or ‘our’) collect, use and disclose information about you and what choices you have with respect to your information.

Your privacy is really important to us, so whether you’re new to InVision or a long-time user, please take the time to get to know our practices. We have made some updates to the format of this Privacy Policy to help you more easily find information. Our privacy practices have remained the same. Our previous privacy policy is available here. We have kept this simple to make it easy to understand, but if you are not familiar with any terms in this Privacy Policy, please reach out to us.

If you do not agree with the terms of this Privacy Policy, do not access or use the Services, Websites or any other aspect of InVision’s business.

Click on any of the links below to go straight to one of the following sections.

1. Our Services
2. When does this Privacy Policy apply?
3. What information do we collect and receive?
4. How do we use your information?
5. What are your rights regarding your information?
6. With whom does InVision share your information?
7. How do we safeguard your information?
8. What international data transfers occur to your information?
9. How long do we retain your information?
10. Your rights under GDPR
11. Your rights under CCPA
12. Changes
13. How to contact us
    
    
    
    
    

1. OUR SERVICES
   
   We believe the screen is one of the most important places in the world. That’s why at InVision we are dedicated to helping you deliver the best possible digital product experience, with our platform and best practices from your peers.
   
   With intuitive tools for visual collaboration, design, prototyping, and ideating, the InVision platform gives you everything you need for digital product design and collaboration, all in one place.
   
   The InVision platform is accessible via our websites and mobile applications and allows its users, at core, (a) to upload their design concepts (.psds, .sketch, .jpgs, .pngs) and create interactive prototypes without writing a single line of code, and/or (b) to collaborate with their teammates and key stakeholders in real time or asynchronously using a shared online whiteboard (collectively, the “Platform”). These prototypes and whiteboards can then be shared internally & when needed with clients to capture feedback directly on the creative assets and/or projects.
   
   Our services are not intended for use by children.  If we later learn that any user of our Service is under the age of 13 (or 16 in the EU, United Kingdom, Lichtenstein, Norway, or Iceland), we will take appropriate steps to remove that user’s information from our account database and will restrict that individual from future access to the Service.
   
2. WHEN DOES THIS PRIVACY POLICY APPLY?
   
   This Privacy Policy sets forth the privacy practices of InVision for:
   
   1) InVision websites located at www.invisionapp.com, www.invision.com, www.freehandapp.com, designdisruptors.com, switchtosketchapp.com, labs.invisionapp.com, designbetter.co, go.invisionapp.com, and any other InVision websites or services that link to this Privacy Policy, (collectively, the ‘Websites’);
   2) all InVision software and applications (including, without limitation, mobile software and applications) and all other InVision products or services provided or otherwise made accessible on or through the Software or the Websites or that otherwise link to or reference this Privacy Policy (collectively the ‘Services’).
   
   When this Privacy Policy does not apply:
   
   1) Our Websites may contain links to other websites. The information practices and the content of such other websites are governed by the privacy notices of such other websites.
   2) Our Services also enable you to customize and connect the Services to Third-Party Services (including products, such as imagery, offered by such services). The collection of your information by these third parties is governed by the Third-Party Services’s privacy policies and terms. We recommend you carefully review their privacy policies and terms as InVision is not responsible for Third-Party Services.
   
3. WHAT INFORMATION DO WE COLLECT AND RECEIVE?
   
   1. Information that you provide to us:
      
      Account Information: information we ask for and may collect to identify or contact you, such as your first and last name, physical address, email address, telephone number, avatar (if you choose to provide this) and IP address.
      
      Billing and Financial Account Information: information that you provide in connection with your purchase of the Services (or a purchase made through the Service), including credit card number, credit card expiration date, credit card verification code, bank account number, bank account title, bank name, branch location, and routing number. You must only provide us with Billing and Financial Account Information for accounts and credit cards that you have the lawful right to access. All payment information is handled only by PCI compliant organizations. When paying with a credit card we do store (or our payment processor on our behalf will store) just the last four digits of your credit card number to comply with credit card processing requirements of authorizations, charges and chargebacks.
      
      Transaction Information: information related to transactions you conduct on the Websites and/or Services, including when you choose to register for a webinar, event, or participate in a survey, or download special content, and your interactions with the Websites and/or Services (for example the functionality you use and the links clicked on the Services).
      
      User Content: when using the Services, your Customer Content (i.e. all the designs, Freehands, projects or prototypes that you decide to submit, upload or made available through InVision Platform) may contain, to the extent that you choose to input it, Personal Data (e.g. the names of Content contributors). The delivery, access and use of the Services is governed by a separate agreement between you and us.
      
      Important Note: As per the terms of the separate agreement between you and us regarding the use of our Services, Users of our Services should not use end-customer personal data (e.g.  actual or “live” end-customer data) when building designs and prototypes. Industry practice is to use “dummy data” that does not refer to actual people. Please also do not provide us with any sensitive personal data while building your Freehands, designs and prototypes.  For example, do not provide personal health information or personal financial information (except for limited financial data when purchasing the service as set forth above). If this type of data is necessary to make your prototype “come alive”, use dummy data instead. Please see our knowledge base for more information and a tool to easily import such dummy data.
      
   2. Information That We Collect From You through our Website and/or Services
      
      Log Data:  information automatically recorded by the Services about how a person uses our Services and/or Websites, such as IP addresses, device and browser type, operating system, the pages or features of our Websites or Services to which a user browsed, the time spent on those pages or features, the frequency with which the Services is used by a user, search terms used by a user, the links on the Service that a user clicked on or used, and other statistics.
      
      Unique Identifiers:  we use unique identifiers such as cookies, e-mail or your pseudonymized customer ID to track individual usage behavior on our Websites and/or Services, such as the length of time spent on a particular page and the pages viewed during a particular log-in period. Unique identifiers collect information about a user’s use of our Websites and/or Services on an individual basis.
      
      Mobile Device Identifiers:  mobile device identifiers are identifiers stored on your mobile device that track certain data and activities occurring on or through your device. Mobile device identifiers enable collection of Personal Data (such as media access controls) as well as non-personally identifiable information (such as usage and traffic data).
      
      Cookies, Web Beacons, and Other Tracking Tools:  we and our third party service providers collect information about you, your device, and your use of the Service through cookies, clear gifs (a.k.a. web beacons/web bugs) (“Web Beacons”), and other tracking tools and technological methods (collectively, “Tracking Tools”). Tracking Tools collect information such as computer or device operating system type, IP address, browser type, browser language, mobile device ID, device hardware type, the website or application visited or used before or after accessing our Service, the parts of the Service accessed, the length of time spent on a page or using a feature, and access times for a webpage or feature. These Tracking Tools help us learn more about our users and analyze how users use the Service, such as how often users visit our Service, what features they use, what pages they visit, what emails they open, and what other sites or applications they used prior to and after visiting the Service.
      
      Cookies: like many websites and mobile application operators, we collect certain information through the use of “cookies,” which are small text files that are saved by your browser when you access our Service. Cookies can either be “session cookies” or “persistent cookies”.  Session cookies are temporary cookies that are stored on your device while you are visiting our Website or using our Service, whereas “persistent cookies” are stored on your device for a period of time after you leave our Website or Service. We use persistent cookies to store your preferences so that they are available for the next visit, and to keep a more accurate account of how often you visit our Service, and how your use of the Service varies over time. We also use persistent cookies to measure the effectiveness of advertising efforts.  Through these cookies, we may collect information about your online activity after you leave our Service.  
      
      For more information on cookies, including how to control your cookie settings and preferences, please review our Cookie Policy and visit:
      
      http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm
      https://ico.org.uk/for-the-public/online/cookies/ and
      http://www.allaboutcookies.org/
      
      Web Beacons: web Beacons help us better manage content on our Service by informing us what content is effective. Web Beacons are embedded in, or otherwise associated with, certain emails or other communications that you receive from us or our partners. Web Beacons help us track your responses and interests and deliver relevant content and services to you. For example, they may let us know when you take actions based on the emails that we send. Web Beacons also allow us to enhance our Behavioral Advertising (defined below), which is further discussed below in the section titled “Online Behavioral Advertising” below.
      
      Social Media Widgets: some parts of our Service may include social media features, such as the Facebook “like” button, and widgets, such as the “share this” button. These social media features are either hosted by a third party or hosted directly on our Service. When you use these tools, the party that provides the tool, the third party that operates the social media services, and/or we may receive Personal Data about you. By using these tools, you acknowledge that some information, including Personal Data, from your social media services will be transmitted to us, and that information is therefore is covered by this Privacy Policy, and some information, including Personal Data, may be shared with the third party services, and that information is therefore governed by their privacy policies.
      
      Online Behavioral Advertising: some of our advertising (“Behavioral Advertising”) involves using Tracking Tools to collect information about a user’s online activities over time and across non-affiliated websites and applications and providing ads to the user based the user’s interests (as inferred from the user’s online activity) or use of our Service.  Behavioral Advertising may appear on our Service or on other websites or services. We work with third parties to provide Behavioral Advertising, such as advertising networks, data exchanges, traffic measurement service providers, marketing analytics service providers, and other third-party service providers (collectively, “Advertising Service Providers”).  Advertising Service Providers perform services such as facilitating targeting of advertisements and measuring and analyzing advertising effectiveness on the Service (collectively, all such services, “Targeting Services”). Targeting Services help us display Behavioral Advertising, prevent you from seeing repeated ads, and enable us to research the usefulness of ads.
      
      We adhere to self-regulatory principles for online behavioral advertising issued by the Digital Advertising Alliance (“DAA”) and the European Interactive Digital Advertising Alliance (“EDAA”) (collectively, the “OBA Principles”). More information about the OBA Principles can be found at
      
      http://digitaladvertisingalliance.org/principles and
      http://www.edaa.eu/european-principles/.
      
      You have the option to opt out of Behavioral Advertising. For more information, see the section below entitled “Your right to Opt Out of Behavioral Advertising and Tracking Tools.”
      
   3. Information Collected From Other Sources
      
      Third Party Services:  information that our business partners, such as our content-providing partners, share with us -- for example, if you use their services to purchase, preview, and/or otherwise use their content when using our Service.
      
      Third Party Sources: We may use third-party services, such as open search tools and social networks (including Twitter handle), to obtain information about you (such as your name or company) and to enrich your personal information by obtaining publicly available information about you, such as your job title, employment history and contact information.
      
4. HOW DO WE USE YOUR INFORMATION?
   
   1. We use your information for the following purposes:
      
      1. Providing, Improving and securing our Services:
         1. create your InVision account
         2. provide, operate, maintain, administer, promote and improve our Service
         3. enable you to access and use the Services
         4. better understand your needs and interests
         5. fulfill requests you make
         6. personalize your experience
         7. protect, investigate, and deter against fraudulent, harmful, unauthorized, or illegal activity
         8. to help us understand usage patterns and other activities on our websites and applications so that we can diagnose problems and make improvements, including enhancing usability and security
         9. for legal reasons and corporate transactions
            
            When we process personal data due to contractual necessity (i.e. when we must process personal data to provide the Service), failure to provide such Personal Data will result in your inability to use some or all portions of the Service that require such data.
            
      2. Communicating with you:
         1. provide Service announcements
         2. communicate with you, including to send marketing and transactional messages, response to your query and requests; provide customer support and service; send you technical notices, and updates
         3. provide you with information and offers from InVision, InVision affiliates, and our business partners
         4. Facilitate marketing, advertising, surveys, contests, sweepstakes, and promotions
         5. Publish aggregated data about usage trends
            
   2. For our EU visitors/users: PROCESSING GROUNDS
      
      We will only use your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity, and our “legitimate interests” or the legitimate interest of others, as further described below.
      
      1. Contractual Necessity: We process the following categories of Personal Data because we need the personal data to perform our User Agreement with you, and to enable us to provide you with the Service:
         1. Contact Information
         2. User Account Information
         3. Billing and Financial Account Information
         4. Transaction Information
         5. User Content
            
      2. Legitimate Interest:  We process the following categories of Personal Data when we believe doing so furthers the legitimate interest of us or third parties, this may include when we  operate and improve our business, products, and services; or when marketing our products and services to you; or protecting our Services from fraud or security threats; or completion of corporate transactions:
         1. Contact Information
         2. Billing and Financial Account Information
         3. User Account Information
         4. Transaction Information
         5. User Content
         6. Partner Information
         7. Log Data
            
      3. Consent:  In some cases, we process Personal Data based on the consent you expressly grant to us at the time we collect such data.  When we process Personal Data based on your consent, it will be expressly indicated to you at the point and time of collection.
         
      4. Other Processing Grounds:  From time to time we may also need to process Personal Data to comply with a legal obligation, if it is necessary to protect the vital interests of you or other data subjects, or if it is necessary for a task carried out in the public interest.
         
5. WHAT ARE YOUR RIGHTS REGARDING YOUR INFORMATION?
   
   Services Information
   
   When you are an InVision Account holder, you may access, update, delete, or correct most of your Account information by logging in to your account to edit your profile or organization record. When you are an InVision Enterprise Account holder, you can accomplish this by contacting your account administrator. For more detailed information as to tools available to you and your account administrator, please refer to our rights management page.
   
   If you have requests that cannot be carried out by logging into your account, such as accessing additional information or deleting information, please contact us through our dedicated webform. We will take reasonable steps to respond to all requests within 30 days (or less!).
   
   Marketing emails, advertising and website browsing:
   
   Your right to opt-out of behavioral advertising and tracking tools:
   
   For marketing communications, you may opt out of marketing communications sent by InVision by accessing rights management page or by clicking on the unsubscribe link in the marketing email you receive.
   
   You can opt-out of certain Behavioral Advertising activities by doing one or more of the following. Please note that you will need to opt-out of each browser and device for which you desire to apply these opt-out features.
   
   1. Service Provider Opt Out:  You can opt-out directly from some Advertising Service Providers and providers of Tracking Tools by using their opt-out tools.  Some of these service providers, and links to their opt-out tools, are:
      1. Google Analytics: with a privacy policy at http://www.google.com/policies/privacy/partners/ and opt out at https://tools.google.com/dlpage/gaoptout.
         
   2. Industry Opt Out Tools:  Some Advertising Service Providers or providers of Tracking Tools may participate in the Network Advertising Initiative's (NAI) Opt-Out Tool (http://www.networkadvertising.org/choices/) and/or the Digital Advertising Alliance (DAA) Consumer Choice Page (http://www.aboutads.info/choices/), and you can opt-out of certain services and learn more about your choices by visiting the links included there.   Users in the EU can visit http://www.youronlinechoices.eu/ for more information about your choices and to opt out of participating service providers.
      
   3. Web Browser Controls: You can prevent the use of certain Tracking Tools, such as cookies, on a device-by-device basis using the controls in your web browser. These controls can be found in the Tools > Internet Options (or similar) menu for your browser, or as otherwise directed by your browser’s support feature.  Through your web browser, you may be able to:
      1. Delete existing Tracking Tools
      2. Disable future Tracking Tools
      3. Set your browser to provide you with a warning each time a cookie or certain other Tracking Tools are being set
         
   4. Mobile Opt Out: Your mobile devices may offer settings that enable you to make choices about the collection, use, or transfer of mobile app information for Behavioral Advertising. You may also opt-out of certain Tracking Tools on mobile devices by installing the DAA’s AppChoice app on your mobile device (for iTunes, visit https://itunes.apple.com/us/app/appchoices/id894822870?mt=8, for Android, visit https://play.google.com/store/apps/details?id=com.DAA.appchoices&hl=en).  For more information, please visit http://support.apple.com/kb/HT4228, https://support.google.com/ads/answer/2662922?hl=en or http://www.applicationprivacy.org/expressing-your-behavioral-advertising-choices-on-a-mobile-device, as applicable.
      
   5. Do Not Track:  Your browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications and services (including behavioral advertising services) that you do not wish such operators to track certain of your online activities over time and across different websites. The Service does not support Do Not Track requests at this time, which means that we collect information about your online activity both while you are using the Service and after you leave our Service.
      
   6. Our Cookie Management Tool: We also allow you the ability to opt out of certain types of cookies by clicking on the cookie banner when you first enter the applicable website (for EU users) or by using our cookie-management solution.
      
      For any further information, please review our Cookie Policy and please note the following with respect to opting out of Behavioral Advertising:
      
      1. Some opt-out features are cookie-based, meaning that when you use these opt-out features, an “opt-out” cookie will be placed on your computer or other device indicating that you do not want to receive Behavioral Advertising from certain companies. If you delete your cookies, use a different browser, or use a different device, you will need to renew your opt-out choice.
      2. Opting-out of Behavioral Advertising does not mean that you will no longer receive online ads. It only means that such ads will no longer be tailored to your specific viewing habits or interests. You may continue to see ads on and about the Service.
         
6. WITH WHOM DOES INVISION SHARE YOUR INFORMATION?
   
   Our Employees and authorised contractors: we may share your information, including personal information, with any member and authorised contractors of InVision and its affiliates.
   
   Our Third Party Service Providers, partners and resellers: we may share your information, including Personal Data with vendors, third party service providers, and agents who work on our behalf and provide us with services related to the Services (including for billing and credit card payment processing, maintenance, sales, marketing, administration, support, data enrichment, hosting, and database management services, or outside professional advisors (such as lawyers and accountants), or  co-sponsors and presenters of webinars and events that you attend or co-branded content partners when you download or request certain marketing of such content. Additional information about the subprocessors we use to support delivery of our Services is set out here.
   
   Third Party Services and third parties (with whom you are collaborating or with whom you consent):
   
   1. We may share Personal Data with Third Party Services when enabled by you, including social media services (if you interact with them through your use of the Service);
   2. We may share Personal Data with any third party when you have consented that we do so, including with anyone with whom you (or someone on your team) provides a “share link” to post information, when you share or comment on content, or as otherwise necessary to effect a transaction initiated or authorized by you through the Service;
   3. The Service allows its users to publicly post information, communicate with others, submit media content, and/or review goods, services, or vendors, via services such as discussion boards or blogs. Any information, including Personal Data that you post there, will be public and can be viewed by the public at large, and therefore anyone who accesses such postings will have the ability to read, collect, and further disseminate such information. We have no control over, and take no responsibility for, the use, storage, or dissemination of information posted or otherwise made available on such portions of the Service. By posting Personal Data online in public forums, you may receive unsolicited messages from other parties;
   4. Customer Organisation: InVision may also share your personal data with the organisation associated with your email address. If you register for the Service using an e-mail address that we recognize to be either a part of a third-party enterprise account for the Service (an “Enterprise Account”) or a potential enterprise Service purchaser (for example, your employer’s) (each, an “E-Mail Holder”), we may provide your name and email address to the E-Mail Holder and their administrator.  In some cases, we will also consolidate your account(s) with the accounts of the E-Mail Holder and we provide your E-Mail Holder and their administrator with access to your User Account information and User Content. This may happen when the E-Mail Holder’s account is established after you register for your individual User Account. We make these transfers to allow users who are part of a larger organization to take advantage of the special features and security enjoyed by our enterprise Account holders, and in order to help you and your organization comply with its internal security and email usage obligations.  Please note that all accounts for the Service, and all applicable subaccounts (which may include your User Account), are controlled by the account administrator. In certain cases (e.g. when we are aggregating all of the accounts under an Enterprise Account), we may provide you with the an e-mail notice giving you the ability to opt-out of consolidation with an E-Mail Holder’s Account (typically by changing the email address on your account to a non-E-Mail Holder email address).
      
      Additionally, when you are an E-Mail Holder creating an Account, we may notify any individuals already using the Services under an email address with the same company domain as yours so that they can be migrated to your enterprise Account.
      
   5. Business Transaction. If InVision is acquired by or merges with another entity (in which case we will require such entity to assume our obligations under this Privacy Policy), if we are involved in a bankruptcy, or if the ownership or control of all or part of the Services or their assets changes, information about you will be transferred to such entities.  Similarly, if you access the Service as part of a third party account (e.g. an Enterprise Account), the individual or entity controlling such account may transfer or otherwise share the account (including your User Account, User Content, and Personal Data) to an acquirer of some or all of its assets in connection with the migration to an E-Mail Holder’s account, or a business deal (or the evaluation of a potential business deal) such as a merger, consolidation, acquisition, reorganization, or sale of assets, or in the event of bankruptcy.
      
      Law enforcement: we may share Personal Data when we believe it is necessary to comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies or protect us, our business or our users, or third parties, for example to enforce our terms of service, prevent spam or other unwanted communications and investigate or protect against fraud or to maintain the security of our products and services.
      
7. HOW DO WE SAFEGUARD YOUR INFORMATION?
   
   We believe the security of your information is a serious issue and we are committed to protecting the information we receive from you. We use commercially reasonable security measures to protect against the loss, misuse, and alteration of your information under our control based on the type of Personal Data and applicable processing activity, such as data encryption in transit over public networks using TLS, data encryption at rest using Advanced Encryption Standard, pseudonymization, and enforcement of least privilege and need-to-know principles.
   
   More detailed information on our security practices is available here.
   
8. WHAT INTERNATIONAL DATA TRANSFERS OCCUR TO YOUR INFORMATION?
   
   InVision may transfer your information to countries other than the one in which you live. The Service is hosted and operated in the United States (“U.S.”), with development, support and maintenance operations in other countries through InVision and its service providers.
   
   InVision deploys and can rely, at its discretion, on the following safeguards in case of any transfer by InVision of your Personal Data outside of the EEA to a country which is not deemed to provide adequacy privacy protection:
   
   1. EU-U.S. and Swiss-U.S. Privacy Shield Participation
      
      InVision (including its Websites) complies with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the EU or Switzerland to the United States, respectively.  InVision has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of (1) Notice; (2) Choice; (3) Accountability for Onward Transfer; (4) Security; (5) Data Integrity and Purpose Limitation; (6) Access and (7) Recourse, Enforcement and Liability (collectively, the “Privacy Shield Principles”).  With respect to Personal Data received or transferred pursuant to the Privacy Shield Framework, InVision is subject to the investigatory and enforcement powers of the Federal Trade Commission.  InVision is responsible for onward transfers to third parties for external processing on our behalf under the Privacy Shield Framework. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern with respect to all Personal Data transferred from the EU or Switzerland to the U.S. To learn more about the Privacy Shield program, please visit https://www.privacyshield.gov/.  Our certification can be viewed here.
      
      We also commit to resolve complaints about your privacy and our collection or use of Personal Data transferred from the EU or Switzerland to the U.S. in compliance with the Privacy Shield Principles where applicable and have further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the U.S.  If you do not receive timely acknowledgment of your Privacy Shield-related complaint from us, or if we have not resolved your complaint, you may contact or visit JAMS by visiting www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint, at no cost to you. Under certain conditions, you may also be entitled to invoke binding arbitration for residual claims about whether we have violated our obligations to you under the Privacy Shield, and if that violation remains fully or partially un-remedied.
      
   2. European Union Model Contract Clauses
      
      InVision offers European Union Model Clauses, also known as Standard Contractual Clauses, to meet the adequacy and security requirements for our Customers that operate in the European Economic Area. A copy of our standard data processing addendum incorporating Model Clauses is available here.
      
9. HOW LONG DO WE RETAIN YOUR INFORMATION?
   
   We retain Personal Data about you for as long as you have an open account with us or as otherwise necessary to provide you with the Service, and thereafter as set forth in our Service agreement with you.
   
   In some cases we retain Personal Data for longer, if doing so, it is only necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule, or regulation.
   
   After it is no longer necessary for us to retain information about you, we will dispose of it in a secure manner or anonymize the information. We also retain backups of some data (which may contain your personal data) in our Service for a limited period of time after termination of the service or deletion of the data from our production services.
   
10. YOUR RIGHTS UNDER GDPR
    
    In addition to the rights set out in the section “Your Rights’, if you are located in the EU (including the UK), you may have additional rights under the EU General Data Protection Regulation (“GDPR”) related to your Personal Data, as further described below.
    
    Invision’s role under the GDPR: Under GDPR, there is a distinction between the “controller” and the “processor” of Personal Data.  Depending on the situation and the type of data involved, InVision may act as a data controller or a data processor.
    
    Where you are using our Services and making decisions about the personal data that is being processed in the Services (for example when uploading and using Customer Content, or selecting the Third Party Services you wish to connect to the Services), you are acting as a data controller and InVision is acting as a data processor.
    
    Our Services are intended to be collaborative by nature. So if you are using the Services as an authorized user of an InVision customer (whether that customer is your employer, another organization, or an individual), that customer determines its own policies (if any) regarding storage, access, modification, deletion, sharing, and retention of personal information and Content, which may apply to your use of the Services. Please check with that customer about the policies and settings it has in place.
    
    In other cases, InVision will be the controller of some of your Personal Data (such as when we collect your billing information, or contact information for marketing purposes, or when monitoring usage information on our Website).
    
    Additional rights:
    
    You also have the right to lodge a complaint about InVision’s practices with respect to your Personal Data with the supervisory authority of your country or EU Member State.
    
    For further information about InVision’s commitment and your rights under GDPR, please see our GDPR Compliance Page.
    
11. YOUR RIGHTS UNDER CCPA
    
    If you are a consumer as defined in the California Consumer Privacy Act (CCPA), the following provisions apply to you. Definitions of terms are set out in the CCPA.
    
    1. Information about your Personal Information:
       1. For more details about the Personal Information collected by InVision over the last 12 months, including the categories of sources, please see the “What information do we collect and receive?" section above.
       2. This information is collected by InVision for the business and commercial purposes described in the section "How do we use your information?" above.
       3. We share this information with the categories of third parties as set out in this section "With whom does InVision share your information?" above.
          
    2. Your Rights:
       
       Under the CCPA, California consumers may be provided the following rights:
       
       1. the right to know about the categories or specific pieces of Personal Information we collect (including how we use and disclose the information)
       2. the right to have your Personal Information deleted
       3. the right not to be discriminated against for exercising consumer rights under the CCPA;
       4. the right to opt-out of any ‘sales’ that may be occuring
          
          California consumers may exercise their rights by emailing us at privacy@invisionapp.com. Once we receive your request, we will review it, determine whether we can verify your identity, and process the request accordingly. If we need additional information, we will let you know. If you would prefer, you may designate an authorized agent to make a request on your behalf.
          
    3. Do not Sell:
       
       While we disclose personal information to service providers for the purpose of managing our relationship with you (e.g. distributing marketing communications) and providing the Services, we do not sell your personal information for monetary consideration. You can opt out of sharing of personal data for the purpose of cross-contextual ads by clicking on the cookie banner when you first enter the applicable website (for UK, EU, CA and VA users).
       
    4. CCPA Addendum
       
       If your organization requires a CCPA addendum, please email us your customer details (organization name and plan information) with your request at privacy@invisionapp.com.
       
       For further information about InVison’s commitment to CCPA compliance, please see our CCPA Compliance Page.
       
12. CHANGES
    
    We reserve the right to modify this Privacy Policy at any time to reflect updates to our Services, applicable laws or other factors. We encourage you to periodically review this page for the latest information on our privacy practices. If we make material changes to this Privacy Policy, you will be notified via email (if you have an account where we have your contact information) or otherwise we will include a notice on this website and/or through the Services. In all cases, your continued use of the Service or Website after the posting of any modified Privacy Policy indicates your acceptance of the terms of the modified Privacy Policy.
    
13. HOW TO CONTACT US
    
    Please contact us if you have any questions or comments about our privacy practices. You can reach us online at privacy@invisionapp.com or by mail at:
    
    InVisionApp Inc.
    Attention: Privacy Officer
    41 Madison Ave
    Floor 25
    New York, NY, 10010
    USA